Well, they sure were quick about getting me a key. I am really hopeful, and there is now a bit of a weakness in SBIE: its popularity. Analyzing the ransomware in VS, I found it's up to 35-40 percent that are now SBIE aware. They look at the dll install, registry keys, and a couple of other things. So if this thing works it could be a consideration.


Bad news for testers, but good news for SBIE users. 35-40% of malware stops just by detecting a sandbox app.

Bad news? I think tester/malware testers/pentesters/betatesters and testers of all kinds should work on real machines, dedicated for such.


I agree, but sometimes it's more convenient to just run it inside a sandbox or virtual machine.
Some malware also uses other indicators to detect a non-standard environment and could detect a real machine dedicated for testing as well (lack of personal files, installed tools that a researcher uses...).

It's not quite as polished as SBIE, but it protected the system against all the malware I threw at it. A couple of shortcomings. The biggest was it wouldn't take script files. That's huge. Also had no easy process kill.

Back on topic, which is the Shade Sandbox. Not bad.

Yes, when I tested it, it was decent. I think it is more a "sandbox for beginners", made to be used "out-of-the-box", and it does its job quite well.

The percentage of environment-aware malware is a great deal less than 40%! Also, the primary techniques used are not product specific at all, so the probability of malware not running in Shade will be as high as malware not running in SBIE, but would instead be dependent on the "fingerprints" that VirtualBox or VMware leaves. And as to testers not running things in a VM: the virtual environment awareness of malware doesn't make the malware itself something brand new. The payload will be the same as malware without this function, so it is just a matter of finding and running the same stuff without VM awareness, and that is up to the experience of the tester.

Finally, recent malware seems to be using a lag time feature: it may not activate for a few minutes or a few hours, whether it is in a VM or not. So does that mean that running it in an actual production system is also invalid because it does not infect immediately?


Well, I had a reason to be enthused, so I installed it on my host machine this morning, made the appropriate exclusions for other software, and had a whirl. Never got Opera to do anything but basically freeze the machine. Guess I'll wait until the next release. When I tested in the VM I had all other software disabled.

Found Shade very disappointing. Compared with Sandboxie, browsers took a fair while to load. Also, on shutting down Opera it consistently failed to unload its process, so that it was not possible to clear the sandbox. I had to use the task manager to shut down Opera, then clear the sandbox. Two out of three browsers had problems running in Shade.

Also lots of notices appeared in the system tray with long gibberish file names asking one to click on the notice to transfer the files from the virtual folder to the real folder! And this is for beginners??


Thanks for the heads up, it's clearly not as user friendly as SBIE, and needs some work.

I didn't receive any code from Shade via email and it's been a few days, but it did seem to work with Firefox. It didn't work with Tor; I got an error message instead, something to do with the torrc file.
Should I still try to contact Shade and request the password or code or whatever they call it?

Does Shade remember saved bookmarks in Firefox?
What happens when I want to download an mp3 under Firefox Shade? Is there a recovery like in SBIE?

The user downloads an application and executes it in the sandbox. No sign of malicious activity can be seen (because the malicious activity is delayed), and the user thinks it is safe.
Because it "seems to be safe", the user executes it outside of the sandbox, and after some time the malicious activity is performed.
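An added example for testers, not code from anyone in this thread: a small triage script that scans a sample for the environment fingerprints discussed above (Sandboxie DLL and registry names, VirtualBox and VMware artifacts) and for delay primitives, and turns a quiet sandbox run into "inconclusive" rather than "clean" when such artifacts are present. The indicator list and the two sample blobs are constructed for the demo; extend the list with whatever your own sandbox or VM leaves behind.

```python
"""Flag a sample as sandbox/VM-aware or delay-capable from embedded artifact names."""
from dataclasses import dataclass, field

# Assumed indicator set: names environment-aware malware commonly looks up.
INDICATORS = {
    "sandboxie": [b"SbieDll.dll", b"SbieSvc", b"Sandboxie"],
    "virtualbox": [b"VBoxService", b"VBoxTray", b"VBoxGuest",
                   b"VirtualBox Guest Additions"],
    "vmware": [b"vmtoolsd", b"VMware Tools", b"vmware"],
    # Delay primitives are common in benign code too, so they only raise the
    # "delay-capable" flag and never mark a sample evasive on their own.
    "delay": [b"NtDelayExecution", b"Sleep", b"GetTickCount"],
}

@dataclass
class Verdict:
    hits: dict = field(default_factory=dict)  # category -> matched names

    @property
    def sandbox_aware(self) -> bool:
        return any(c in self.hits for c in ("sandboxie", "virtualbox", "vmware"))

    @property
    def delay_capable(self) -> bool:
        return "delay" in self.hits

    def guidance(self) -> str:
        if self.sandbox_aware:
            return "environment-aware: a quiet sandbox run is inconclusive, not clean"
        if self.delay_capable:
            return "delay-capable: extend the observation window before calling it clean"
        return "no evasion artifacts found: sandbox verdict can be taken at face value"

def triage(sample: bytes) -> Verdict:
    """Case-insensitive search for each indicator, in both ASCII and UTF-16LE,
    since Windows binaries often store file and registry names as wide strings."""
    v = Verdict()
    lowered = sample.lower()
    for cat, needles in INDICATORS.items():
        found = []
        for n in needles:
            wide = n.decode().encode("utf-16-le")
            if n.lower() in lowered or wide.lower() in lowered:
                found.append(n.decode())
        if found:
            v.hits[cat] = found
    return v

# Constructed demo blobs, not real samples: one carries a wide-string Sandboxie
# DLL name, a VirtualBox service name and a Sleep import; the other is plain.
EVASIVE = (b"MZ\x90\x00kernel32.dll\0Sleep\0"
           + "SbieDll.dll".encode("utf-16-le") + b"\0VBoxService.exe")
PLAIN = b"MZ\x90\x00kernel32.dll\0CreateFileW\0hello.txt"
```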